- Issued:
- 2021-10-19
- Updated:
- 2021-10-19
RHSA-2021:3909 - Security Advisory
Synopsis
Moderate: kernel-rt security and bug fix update
Type/Severity
Security Advisory: Moderate
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
An update for kernel-rt is now available for Red Hat Enterprise Linux 8.2 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
Security Fix(es):
- kernel: SVM nested virtualization issue in KVM (AVIC support) (CVE-2021-3653)
- kernel: SVM nested virtualization issue in KVM (VMLOAD/VMSAVE) (CVE-2021-3656)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
- kernel-rt: update RT source tree to the RHEL-8.2.z source tree (BZ#2009052)
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
Affected Products
- Red Hat Enterprise Linux for Real Time - Telecommunications Update Service 8.2 x86_64
- Red Hat Enterprise Linux for Real Time for NFV - Telecommunications Update Service 8.2 x86_64
Fixes
- BZ - 1983686 - CVE-2021-3653 kernel: SVM nested virtualization issue in KVM (AVIC support)
- BZ - 1983988 - CVE-2021-3656 kernel: SVM nested virtualization issue in KVM (VMLOAD/VMSAVE)
Note:
More recent versions of these packages may be available.
Click a package name for more details.
Red Hat Enterprise Linux for Real Time - Telecommunications Update Service 8.2
| SRPM | |
|---|---|
| kernel-rt-4.18.0-193.68.1.rt13.118.el8_2.src.rpm | SHA-256: 586493bf414c55639015c039aabdb4f2797bc5ec45b4d02e4818b4bf212b7684 |
| x86_64 | |
| kernel-rt-4.18.0-193.68.1.rt13.118.el8_2.x86_64.rpm | SHA-256: 6e6dc96cc856ad70ce3a9fcdf2937e1037074a53cc2e9a9ad73a4c6287b57001 |
| kernel-rt-core-4.18.0-193.68.1.rt13.118.el8_2.x86_64.rpm | SHA-256: 80fd75bd4dadc697b6c866802bf2cb12fe86fd48042f7be7b52f3660f4483244 |
| kernel-rt-debug-4.18.0-193.68.1.rt13.118.el8_2.x86_64.rpm | SHA-256: b87062210c9f693a3009d467bb1ddeb62c72780cf4a2ccbe3b19aa3cd4816486 |
| kernel-rt-debug-core-4.18.0-193.68.1.rt13.118.el8_2.x86_64.rpm | SHA-256: 3f2896b3eddca114aea67d01e2c9c6f1a240bf37f8780bf475f3648832f5914f |
| kernel-rt-debug-debuginfo-4.18.0-193.68.1.rt13.118.el8_2.x86_64.rpm | SHA-256: 85943ae3a3361d05a724a608e7346730bc977690c1b542d2061a7b717b2c6c63 |
| kernel-rt-debug-devel-4.18.0-193.68.1.rt13.118.el8_2.x86_64.rpm | SHA-256: 3d48f6007b1a05e8664e5248184904a4c425731e9aef0b42b8b1e021b1134853 |
| kernel-rt-debug-modules-4.18.0-193.68.1.rt13.118.el8_2.x86_64.rpm | SHA-256: 0a1a7f69debcb63fceb636b3d34b8b6eed8e3068af85f5e77c08fae1ed64fd39 |
| kernel-rt-debug-modules-extra-4.18.0-193.68.1.rt13.118.el8_2.x86_64.rpm | SHA-256: 1182bf70165ee07c16deff6fdd35739ccba283c6df255fb2e0831bb84193ac38 |
| kernel-rt-debuginfo-4.18.0-193.68.1.rt13.118.el8_2.x86_64.rpm | SHA-256: 92d778dbb62629b5f924502b4a770025d111656c9a5c0d591520ec665d7da7d8 |
| kernel-rt-debuginfo-common-x86_64-4.18.0-193.68.1.rt13.118.el8_2.x86_64.rpm | SHA-256: 83c23dceb81434d54ae63727debfaf031102121abee525981818d17cd0b7c454 |
| kernel-rt-devel-4.18.0-193.68.1.rt13.118.el8_2.x86_64.rpm | SHA-256: 6c88fb1bf21cc394565620fbe0ef95fe0f9c1eab7cd3b417fd5e192a0a8155aa |
| kernel-rt-modules-4.18.0-193.68.1.rt13.118.el8_2.x86_64.rpm | SHA-256: 8cd04ab254029a642ccc4e5af31e5dd81d107691c2166f2de5810d0c37b09736 |
| kernel-rt-modules-extra-4.18.0-193.68.1.rt13.118.el8_2.x86_64.rpm | SHA-256: 9e04adf90853ae8e3bf859e70cef38a12892e21ab5be29b990c55887be572aa3 |
Red Hat Enterprise Linux for Real Time for NFV - Telecommunications Update Service 8.2
| SRPM | |
|---|---|
| kernel-rt-4.18.0-193.68.1.rt13.118.el8_2.src.rpm | SHA-256: 586493bf414c55639015c039aabdb4f2797bc5ec45b4d02e4818b4bf212b7684 |
| x86_64 | |
| kernel-rt-4.18.0-193.68.1.rt13.118.el8_2.x86_64.rpm | SHA-256: 6e6dc96cc856ad70ce3a9fcdf2937e1037074a53cc2e9a9ad73a4c6287b57001 |
| kernel-rt-core-4.18.0-193.68.1.rt13.118.el8_2.x86_64.rpm | SHA-256: 80fd75bd4dadc697b6c866802bf2cb12fe86fd48042f7be7b52f3660f4483244 |
| kernel-rt-debug-4.18.0-193.68.1.rt13.118.el8_2.x86_64.rpm | SHA-256: b87062210c9f693a3009d467bb1ddeb62c72780cf4a2ccbe3b19aa3cd4816486 |
| kernel-rt-debug-core-4.18.0-193.68.1.rt13.118.el8_2.x86_64.rpm | SHA-256: 3f2896b3eddca114aea67d01e2c9c6f1a240bf37f8780bf475f3648832f5914f |
| kernel-rt-debug-debuginfo-4.18.0-193.68.1.rt13.118.el8_2.x86_64.rpm | SHA-256: 85943ae3a3361d05a724a608e7346730bc977690c1b542d2061a7b717b2c6c63 |
| kernel-rt-debug-devel-4.18.0-193.68.1.rt13.118.el8_2.x86_64.rpm | SHA-256: 3d48f6007b1a05e8664e5248184904a4c425731e9aef0b42b8b1e021b1134853 |
| kernel-rt-debug-kvm-4.18.0-193.68.1.rt13.118.el8_2.x86_64.rpm | SHA-256: 76e5e48f38e590e33e678c65038daaffa2ddc6704b96cb3442e9a350bfeac5fe |
| kernel-rt-debug-modules-4.18.0-193.68.1.rt13.118.el8_2.x86_64.rpm | SHA-256: 0a1a7f69debcb63fceb636b3d34b8b6eed8e3068af85f5e77c08fae1ed64fd39 |
| kernel-rt-debug-modules-extra-4.18.0-193.68.1.rt13.118.el8_2.x86_64.rpm | SHA-256: 1182bf70165ee07c16deff6fdd35739ccba283c6df255fb2e0831bb84193ac38 |
| kernel-rt-debuginfo-4.18.0-193.68.1.rt13.118.el8_2.x86_64.rpm | SHA-256: 92d778dbb62629b5f924502b4a770025d111656c9a5c0d591520ec665d7da7d8 |
| kernel-rt-debuginfo-common-x86_64-4.18.0-193.68.1.rt13.118.el8_2.x86_64.rpm | SHA-256: 83c23dceb81434d54ae63727debfaf031102121abee525981818d17cd0b7c454 |
| kernel-rt-devel-4.18.0-193.68.1.rt13.118.el8_2.x86_64.rpm | SHA-256: 6c88fb1bf21cc394565620fbe0ef95fe0f9c1eab7cd3b417fd5e192a0a8155aa |
| kernel-rt-kvm-4.18.0-193.68.1.rt13.118.el8_2.x86_64.rpm | SHA-256: 50ab646fd8f942395fac1d908b2f13fc9e321d4113652cc708fd6590755abe17 |
| kernel-rt-modules-4.18.0-193.68.1.rt13.118.el8_2.x86_64.rpm | SHA-256: 8cd04ab254029a642ccc4e5af31e5dd81d107691c2166f2de5810d0c37b09736 |
| kernel-rt-modules-extra-4.18.0-193.68.1.rt13.118.el8_2.x86_64.rpm | SHA-256: 9e04adf90853ae8e3bf859e70cef38a12892e21ab5be29b990c55887be572aa3 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.